Regulatory TREND. Anatomy of the Cybersecurity Solarium Commission

The U.S. Cybersecurity Solarium Commission takes inspiration from the 1950s-era commission that studied nuclear strategy.

The 14-member Cybersecurity Solarium Commission will comprise:

  • 4 current lawmakers
  • director or deputy director of National Intelligence
  • director or deputy director of Defense
  • director or deputy director of the FBI
  • director or deputy director of Homeland Security
  • academics
  • industry representatives

Strategies to develop:

Data Security new Threats to Water and Wastewater. Regulatory & Legislative Fixes on the Horizon.

In March 2019, hackers got into a small Colorado water utility.

Are there regulatory parallels that can be made to secure the water and wastewater systems? Yes. Water utilities and power distributors share similar industrial control systems.

Which states have taken water security measures forward? NJ, NY 

E&E News | Hackers force water utilities to sink or swim

TREND. Blockchain Prevents Data Breaches. Add it to Talking Points.

Marriott's CEO testified before the Senate Committee on Homeland Security and Governmental Affairs Permanent Subcommittee on Investigations and said that the hotel chain would now use encryption and tokenization (blockchain, distributed ledger) to safely store data.

Security Boulevard | Marriott Could Have Prevented Privacy Data Breach with Tokenization

Lege TREND. Top Data Security State Legislation in 2019.

  • California Privacy Act.  Will other states replicate it? Is it the US solution for GDPR?
  • Federal Preemption. Will Congress pass federal data breach notification standards?
  • Data Privacy Requirements for Internet of Things.  Privacy standards for your home thermostat, etc… See California’s SB 327 (2018)
  • Will small businesses get a carve out bill? See S770 (115th Congress)
  • Federal Preemption of Data Encryption Standards for Business

SC Media | Top cybersecurity legislation of 2019

Refreshing our Recollection | Internet Bill of Rights | Hello, Telecom: Hint, Hint: This is where the left & right meet.

Activists are promoting an Internet Bill of Rights, the kind of bill state legislatures love. What would it do?

  • Keeping your “browsing history” private
    • Except: fraud or potential crimes
  • Full disclosure when being monitored, and the right to opt out
  • Preserving the privacy of your social media accounts.
  • Ownership of your personal, digital content
  • Notification of injurious data breaches
  • Fair play on social media platforms and/or internet providers
  • Protecting children on social media
  • P…

New Report. New Cybersecurity Risk. Ports. 4 Key Points.

The report is by: maritime law firm Jones Walker LLP

What did the report find?

  • Hacks are happening at ports. 80% of large maritime industry companies (400+ employees) report a cyberattack in the last year
  • Unprepared. 64% say their own companies are unprepared to handle the far-reaching business, financial, regulatory and public relations consequences of a data breach
    • 6% of small companies are prepared for a cyberattack (1-49 employees)
    • 19% of midsize companies are prepared (49-400…

Texas State Agency. 2nd Largest Health Care Data Breach in US for 2018. What you need to know:

What agency is involved? Employee Retirement System of Texas

What was the data breach? Personal health information data for other individuals was accessible when a person was logged into the agency portal

When did ERS receive notification? August 17, 2018

How many people were impacted? Nearly 1.25 million individuals

When did ERS report the incident? Reported to the U.S. Department of Health and Human Services as an “unauthorized access/disclosure” health data breach on October 15th

Gov…

5 Points. Apple Desired Information Privacy Law.

 

  • tech companies should de-identify customer data or not collect customer data
  • comprehensive federal law is necessary
    • why? tech companies that collect a lot of data are basically spies
  • people should have a right in their data, and a right to have that data minimized
  • consumers must be told what data is being collected & why
  • the data belongs to the users and users (consumers) should always have access to it

The gold standard law: GDPR in the EU

Ars Technica | Tim Cook Calls for Strong US…

7 Data Security Policy Issues Raised by a Financial Regulator. Put it on your Radar.

SEC Commissioner Kara M. Stein raises these policy issues for regulators:

  • Should a company value its data?
  • Should it disclose the value of its data?
  • Who is responsible for the appropriate collection and use of data?
  • Who is responsible for protecting the privacy of personally identifiable information that is collected and used?
  • Who is responsible for determining how data can be shared?
  • Who is responsible for establishing and implementing minimum standards for data collection and use?
  • Who i…